Russ

Author Archives: Russ

Weekend Reads 060619

When most people speak of exascale supercomputers, they tend to focus on the computational aspect of these systems. That’s certainly understandable inasmuch as exascale has been generally equated with performing calculations at the level of exaflops. —Michael Feldman

Although it was originally developed by Google, Kohn said Kubernetes has been built on a decade of learning and incorporates a host of technologies from other companies. “There is no vendor lock-in,” he said. “Google has encouraged developers from other companies to take part.” —Cliff Saran

The exposed areas needing improvement by ICANN — both the organization as well as its global community of stakeholders — provide a target-rich environment. —Greg Thomas

The market-dominating behavior of four of the biggest tech companies now appear to be in the crosshairs of the U.S. government, but the big question for consumers and investors is, will anything actually change this time around? —Therese Poletti

On the one hand, testing is all too often the roadblock that stands between highly accelerated Dev processes and highly automated ops-driven delivery processes. But on the other hand, testing is essential for ensuring that the release doesn’t place the business at risk — undermining the very “customer experience” Continue reading

When should you use IPv6 PA space?

I was reading RFC8475 this week, which describes some IPv6 multihoming ‘net connection solutions. This set me to thinking about when you should uses IPv6 PA space. To begin, it’s useful to review the concept of IPv6 PI and PA space.

PI, or provider independent, space, is assigned by a regional routing registry to network operators who can show they need an address space that is not tied to a service provider. These requirements generally involve having a specific number of hosts, showing growth in the number of IPv6 addresses used over time, and other factors which depend on the regional registry providing the address space. PA, or provider assigned, IPv6 addresses can be assigned by a provider from their PI pool to an operator to which they are providing connectivity service.

There are two main differences between these two kinds of addresses. PI space is portable, which means the operator can take the address space when them when they change providers. PI space is also fixed; it is (generally) safe to use PI space as you might private or other IP address spaces; you can assign them to individual subnets, hosts, etc., and count on them remaining the Continue reading

Weekend Reads 053119

There were over 90 protests nationwide recently against the coming 5G technology, mostly related to health concerns. The protesters have some of the facts wrong about 5G and that makes it easier for policymakers to ignore them. —Doug Dawson

The public cloud is dampening demand for data center capacity and leading to closures, consolidation and a big rethink on data center ownership. Right? Not quite, according to the latest Uptime Intelligence research. —Rhonda Ascierto

After some years of accelerating IPv6 deployment, we are now into a period of slower growth and it’s not clear where we are heading. It is therefore interesting to try to predict the future of IPv6 over the coming years. —Christofer Flinta

Information security must be about far more than simple prevention. Preventing cyberattacks is a critical component of modern information security, however, on its own prevention is inadequate. Understanding dwell time is useful in understanding why. —Trevor Pott

Several subjects have come up with the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the the threat that exists, you’ve morphed the threat into something else that you’d rather deal with, or which is easier to Continue reading

Upcoming Course: How Routers Really Work

My newest course on Safari through Pearson is coming up in just a few weeks:

This training will peer into the internal components of a router, starting with an explanation of how a router switches packets. This walk through of a switching path, in turn, will be used as a foundation for explaining the components of a router, including the various tables used to build forwarding tables and the software components used to build these tables.

History of the Internet: An Asian Perspective

Fun fact from this episode of the History of Networking: because of export rules, students in South Korea had to rebuild the TCP/IP stack for the PDP11 and other hosts in order to bring the first IP link up in southeastern Asia. In this recording, Donald and I are joined by Kilnam Chon.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The BGP Monitoring Protocol (BMP)

If you run connections to the ‘net at any scale, even if you are an “enterprise” (still a jinxed term, IMHO), you will quickly find it would be very useful to have a time series record of the changes in BGP at your edge. Even if you are an “enterprise,” knowing what changes have taken place in the routes your providers have advertised to you can make a big difference in tracking down an application performance issue, or knowing just when a particular service went off line. Getting this kind of information, however, can be difficult.

BGP is often overloaded for use in data center fabrics, as well (though I look forward to the day when the link state alternatives to this are available, so we can stop using BGP this way). Getting a time series view of BGP updates in a fabric is often crucial to understanding how the fabric converges, and how routing convergence events correlate to application issues.

One solution is to set up the BGP Monitoring Protocol (BMP—an abbreviation within an abbreviation, in the finest engineering tradition).

BMP is described in RFC7854 as a protocol intended to “provide a convenient interface for obtaining route views.” Continue reading

Weekend Reads 052419

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. —Geoff Huston

According to our researchers, the attackers either had access to the source code of the victims’ projects or they injected malware at the time of project compilation, meaning they were in the networks of those companies. And this reminds us of an attack that we reported on a year ago… —Kapersky

Endpoint security is a common concern among organizations, but security teams should be thinking more broadly about protecting data wherever it resides. —Kelly Sheridan

Two open source projects that have been instrumental in providing metrics for cloud native operations have merged into a single project. The fusion of Google’s OpenCensus and the Cloud Native Computing Foundation’s OpenTracing will be known as OpenTelemetry, and will be managed by the CNCF. —Joab Jackson

In a blog post published Tuesday, Google revealed that its G Suite platform mistakenly stored unhashed passwords of some of its enterprise users on internal servers in plaintext for 14 years because of a bug in the password recovery Continue reading

meeting madness, ONUG, and software defined

Jordan, Eyvonne, and I sit down for a conversation that begins with meetings, and ends with talking about software defined everything (including meetings??).

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Out and about this week

A reminder to my readers that I will be speaking at Interop19 this week in Las Vegas on Wednesday. Denise Donohue and I are speaking about finding smart people:

Every hiring manager wants someone who will “hit the ground running.” But there are many ways to achieve that result. In this session, you’ll learn the most effective ways to find and grow talent for your organization. We’ll address key decision points around talent acquisition…

I will also be speaking at CHINOG Chicago Illinois on Thursday:

Disaggregation began with the hyperscalers, and is quickly moving through the rest of the network engineering world. What is disaggregation, really? Does it always mean open source and white boxes, or is there some broader meaning that can be applied across many different products to build and add value to many different kinds of networks?

And interacting with some other folks on a panel about getting started in the IETF.

Weekend Reads 051919

Another week, another devastating, industry-shaking, cybersecurity threat. This week’s is particularly haunting, though — the resurrected corpse of the Spectre and Meltdown vulnerabilities, aptly known as ZombieLoad. —Another week, another devastating, industry-shaking, cybersecurity threat. This week’s is particularly haunting, though — the resurrected corpse of the Spectre and Meltdown vulnerabilities, aptly known as ZombieLoad.

Today sees the publication of a range of closely related flaws named variously RIDL, Fallout, ZombieLoad, or Microarchitectural Data Sampling. The many names are a consequence of the several groups that discovered the different flaws. From the computer science department of Vrije Universiteit Amsterdam and Helmholtz Center for Information Security, we have “Rogue In-Flight Data Load.” —Peter Bright

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. —Swati Khandelwal

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. —Mohit Kumar

Intel’s struggles to get its 10 nanometer processors out the door has forced the company to do some serious soul-searching. And while Continue reading

History of Networking: Pseudowires

In this episode of the History of Networking, Donald Sharp and I talk to Luca Martini about the origins of pseudowires—one of the more interesting innovations in the use of MPLS.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

On the ‘net: EVPN Use Cases

In the final session of this video series, we talk to industry experts and RFC authors about additional challenges for which EVPN-VXLAN is a strong answer: Connecting domains (DCI, Campus to DC connections, Multi-vendor networks), multicasting for use cases like live TV streaming, public cloud connection, and other super powers. Join us to find out why these expanded use cases make your lives easier and why your CTO will want to hear more about it to equip your business for rapid responses to new application needs.

On the ‘net: Dial Banks

In the early 1990’s, several large network equipment vendors sold equipment targeted at large scale dial banks, including Cisco, ADTRAN, and Cabletron. These servers were often tied to banks of modems on one side, and to servers of some sort on the other, creating a dial bank. Dial banks grew in scale and sophistication on the back of Bulletin Board Systems (BBSs), run by dedicated system operators (SYSOPs) for the support of individual communities. At one time, there were tens of thousands, potentially even hundreds of thousands, of these systems in the United States alone, serving large communities of users. @ECI LighTALK

Gall’s Law and the Network

In Systemantics: How Systems Really Work and How They Fail, John Gall says:

A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over with a working simple system.

In the software development world, this is called Gall’s Law (even though Gall himself never calls it a law) and is applied to organizations and software systems. How does this apply to network design and engineering? The best place to begin in answering this question is to understand what, precisely, Gall is arguing for; there is more here than what is visible on the surface.

What does a simple system mean? It is, first of all, an argument for underspecification. This runs counter to the way we instinctively want to design systems. We want to begin by discovering all the requirements (problems to be solved and constraints), and then move into an orderly discussion of all the possible solutions and sets of solutions, and then into an orderly discussion of an overall architecture, then into a nice UML chart showing all the interaction Continue reading

Weekend Reads 051019

If you can’t address your customers and the people interacting with your network face to face, at least know where they are — anywhere in the world, anytime you want to. —Jonathan Zhang

In August 2018, Opensource.com posted a poll with seven options asking readers: What was the most important moment in the history of Linux? —Alan Formy-Duval

Stanford University’s “Silicon Genesis” is a collection of over 100 oral histories and interviews with the people who created Silicon Valley’s semiconductor industry. —David Cassel

Today’s enterprises make use of applications and services that live on-premises, in public clouds and even in edge data centers. IT has entered the multicloud era and connecting the modern enterprise isn’t easy. —aganesan

I don’t have a lot of good news for you. The truth is there’s nothing we can do to protect our data from being stolen by cybercriminals and others. —Bruce Schneier

Open source code is vital to software development at most organizations, but that doesn’t mean that enterprises have figured out how to use open source without inadvertently introducing vulnerabilities into their code. —Curtis Franklin, Jr

World Password Day is a day in which companies around the world post blogs with advice, Continue reading

1 33 34 35 36 37 162